From 07bc5a99ec72562fb27ded3bede296589883ac19 Mon Sep 17 00:00:00 2001 From: Zach Trocinski Date: Thu, 26 Sep 2024 12:46:22 -0500 Subject: [PATCH] Added VWAN changes --- .../.config/ALZ-Powershell-Auto.config.json | 14 ++ ...ctivity.parameters.az.multiRegion.all.json | 230 ++++++++++++++++++ 2 files changed, 244 insertions(+) create mode 100644 infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.multiRegion.all.json diff --git a/accelerator/.config/ALZ-Powershell-Auto.config.json b/accelerator/.config/ALZ-Powershell-Auto.config.json index 0238873f9..701d07d9d 100644 --- a/accelerator/.config/ALZ-Powershell-Auto.config.json +++ b/accelerator/.config/ALZ-Powershell-Auto.config.json @@ -224,6 +224,20 @@ "firstRunWhatIf": false, "order": 12, "group": "connectivity" + }, + { + "name": "vwan_multi_region", + "displayName": "Hub (VWAN) Multi-Region Deployment", + "templateFilePath": "./infra-as-code/bicep/modules/vwanConnectivity/vwanConnectivity.bicep", + "templateParametersFilePath": "./config/custom-parameters/vwanConnectivity.parameters.multiRegion.all.json", + "templateParametersSourceFilePath": "./infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.multiRegion.all.json", + "subscriptionId": "CONNECTIVITY_SUBSCRIPTION_ID", + "resourceGroupName": "CONNECTIVITY_RESOURCE_GROUP", + "networkType": "vwanConnectivityMultiRegion", + "deploymentType": "resourceGroup", + "firstRunWhatIf": false, + "order": 13, + "group": "connectivity" } ], "inputs": { diff --git a/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.multiRegion.all.json b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.multiRegion.all.json new file mode 100644 index 000000000..976085211 --- /dev/null +++ b/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.multiRegion.all.json @@ -0,0 +1,230 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "parLocation": { + "value": "eastus" + }, + "parCompanyPrefix": { + "value": "alz" + }, + "parVirtualHubEnabled": { + "value": true + }, + "parVirtualWanName": { + "value": "alz-vwan" + }, + "parVirtualWanHubName": { + "value": "alz-vhub" + }, + "parVirtualWanHubDefaultRouteName": { + "value": "default-to-azfw" + }, + "parVpnGatewayName": { + "value": "alz-vpngw" + }, + "parExpressRouteGatewayName": { + "value": "alz-ergw" + }, + "parAzFirewallName": { + "value": "alz-fw" + }, + "parAzFirewallPoliciesName": { + "value": "alz-azfwpolicy" + }, + "parVirtualWanHubs": { + "value": [ + { + "parVpnGatewayEnabled": true, + "parExpressRouteGatewayEnabled": true, + "parAzFirewallEnabled": true, + "parVirtualHubAddressPrefix": "10.100.0.0/23", + "parHubLocation": "eastus", + "parHubRoutingPreference": "ExpressRoute", + "parVirtualRouterAutoScaleConfiguration": 2, + "parVirtualHubRoutingIntentDestinations": [], + "parAzFirewallDnsServers": [], + "parAzFirewallIntelMode": "Alert", + "parAzFirewallDnsProxyEnabled": true, + "parAzFirewallTier": "Standard", + "parAzFirewallAvailabilityZones": [ + "1", + "2", + "3" + ] + }, + { + "parVpnGatewayEnabled": true, + "parExpressRouteGatewayEnabled": true, + "parAzFirewallEnabled": true, + "parVirtualHubAddressPrefix": "10.200.0.0/23", + "parHubLocation": "westus2", + "parHubRoutingPreference": "ExpressRoute", + "parVirtualRouterAutoScaleConfiguration": 2, + "parVirtualHubRoutingIntentDestinations": [], + "parAzFirewallDnsServers": [], + "parAzFirewallIntelMode": "Alert", + "parAzFirewallDnsProxyEnabled": true, + "parAzFirewallTier": "Standard", + "parAzFirewallAvailabilityZones": [ + "1", + "2", + "3" + ] + } + ] + }, + "parVpnGatewayScaleUnit": { + "value": 1 + }, + "parExpressRouteGatewayScaleUnit": { + "value": 1 + }, + "parDdosEnabled": { + "value": false + }, + "parDdosPlanName": { + "value": "alz-ddos-plan" + }, + "parPrivateDnsZonesEnabled": { + "value": true + }, + "parPrivateDnsZones": { + "value": [ + "privatelink.westus.azmk8s.io", // Replace xxxxxx with target region (i.e. eastus) + "privatelink.westus.batch.azure.com", // Replace xxxxxx with target region (i.e. eastus) + "privatelink.westus.kusto.windows.net", // Replace xxxxxx with target region (i.e. eastus) + "privatelink.westus.backup.windowsazure.com", // Replace xxxxxx with target region geo code (i.e. for eastus, the geo code is eus) + "privatelink.adf.azure.com", + "privatelink.afs.azure.net", + "privatelink.agentsvc.azure-automation.net", + "privatelink.analysis.windows.net", + "privatelink.api.azureml.ms", + "privatelink.azconfig.io", + "privatelink.azure-api.net", + "privatelink.azure-automation.net", + "privatelink.azurecr.io", + "privatelink.azure-devices.net", + "privatelink.azure-devices-provisioning.net", + "privatelink.azuredatabricks.net", + "privatelink.azurehdinsight.net", + "privatelink.azurehealthcareapis.com", + "privatelink.azurestaticapps.net", + "privatelink.azuresynapse.net", + "privatelink.azurewebsites.net", + "privatelink.batch.azure.com", + "privatelink.blob.core.windows.net", + "privatelink.cassandra.cosmos.azure.com", + "privatelink.cognitiveservices.azure.com", + "privatelink.database.windows.net", + "privatelink.datafactory.azure.net", + "privatelink.dev.azuresynapse.net", + "privatelink.dfs.core.windows.net", + "privatelink.dicom.azurehealthcareapis.com", + "privatelink.digitaltwins.azure.net", + "privatelink.directline.botframework.com", + "privatelink.documents.azure.com", + "privatelink.eventgrid.azure.net", + "privatelink.file.core.windows.net", + "privatelink.gremlin.cosmos.azure.com", + "privatelink.guestconfiguration.azure.com", + "privatelink.his.arc.azure.com", + "privatelink.dp.kubernetesconfiguration.azure.com", + "privatelink.managedhsm.azure.net", + "privatelink.mariadb.database.azure.com", + "privatelink.media.azure.net", + "privatelink.mongo.cosmos.azure.com", + "privatelink.monitor.azure.com", + "privatelink.mysql.database.azure.com", + "privatelink.notebooks.azure.net", + "privatelink.ods.opinsights.azure.com", + "privatelink.oms.opinsights.azure.com", + "privatelink.pbidedicated.windows.net", + "privatelink.postgres.database.azure.com", + "privatelink.prod.migration.windowsazure.com", + "privatelink.purview.azure.com", + "privatelink.purviewstudio.azure.com", + "privatelink.queue.core.windows.net", + "privatelink.redis.cache.windows.net", + "privatelink.redisenterprise.cache.azure.net", + "privatelink.search.windows.net", + "privatelink.service.signalr.net", + "privatelink.servicebus.windows.net", + "privatelink.siterecovery.windowsazure.com", + "privatelink.sql.azuresynapse.net", + "privatelink.table.core.windows.net", + "privatelink.table.cosmos.azure.com", + "privatelink.tip1.powerquery.microsoft.com", + "privatelink.token.botframework.com", + "privatelink.vaultcore.azure.net", + "privatelink.web.core.windows.net", + "privatelink.webpubsub.azure.com" + ] + }, + "parPrivateDnsZoneAutoMergeAzureBackupZone": { + "value": true + }, + "parVirtualNetworkIdToLink": { + "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus" + }, + "parTags": { + "value": { + "Environment": "Live" + } + }, + "parVirtualNetworkIdToLinkFailover": { + "value": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/HUB_Networking_POC/providers/Microsoft.Network/virtualNetworks/alz-hub-eastus-failover" + }, + "parTelemetryOptOut": { + "value": false + }, + "parGlobalResourceLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parVirtualWanLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parVirtualWanHubsLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parDdosLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parAzureFirewallLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parVpnGatewayLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parPrivateDNSZonesLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + }, + "parExpressRouteGatewayLock": { + "value": { + "kind": "None", + "notes": "This lock was created by the ALZ Bicep vWAN Connectivity Module." + } + } + } +}